LinuxSecurity.com 		Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
How strictly do your users obey your security policies?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
Emily Ratliff: OS Security
DanWalsh LiveJournal
Security Bloggers Network
Latest Newsletters
Linux Security Week: December 1st, 2008
Linux Advisory Watch: November 28th, 2008
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated boost packages fix DoS vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Tavis Ormandy and Will Drewry found that the bost library did not properly perform input validation on regular expressions. An attacker could exploit this by sening a specially crafted regular expression to an application linked against boost and cause a denial of service via an application crash. The updated packages have been patched to correct this issue. 
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:032
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : boost
 Date    : February 1, 2008
 Affected: 2007.0, 2007.1, 2008.0
 _______________________________________________________________________
 
 Problem Description:
 
 Tavis Ormandy and Will Drewry found that the bost library did not
 properly perform input validation on regular expressions.  An attacker
 could exploit this by sening a specially crafted regular expression
 to an application linked against boost and cause a denial of service
 via an application crash.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0171
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0172
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 050747f9a2c9557d33977d9bd51184b2  2007.0/i586/libboost1-1.33.1-3.1mdv2007.0.i586.rpm
 447ac5fc34d29669c8a21b7abd677413  2007.0/i586/libboost1-devel-1.33.1-3.1mdv2007.0.i586.rpm
 4b4b7ff3d032516cd2f22af208ef7d3b  2007.0/i586/libboost1-examples-1.33.1-3.1mdv2007.0.i586.rpm
 b084ed15b24c16e41ea2660732d1fa53  2007.0/i586/libboost1-static-devel-1.33.1-3.1mdv2007.0.i586.rpm 
 4b9252988703c7360d91138aa1b738b7  2007.0/SRPMS/boost-1.33.1-3.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 9b983d8a118824218998792630a93368  2007.0/x86_64/lib64boost1-1.33.1-3.1mdv2007.0.x86_64.rpm
 f975c8790f99728dd3635b0a79a2b639  2007.0/x86_64/lib64boost1-devel-1.33.1-3.1mdv2007.0.x86_64.rpm
 8349cb46e64007d854902abe784278d8  2007.0/x86_64/lib64boost1-examples-1.33.1-3.1mdv2007.0.x86_64.rpm
 8781b8e9cac3079e22be542dc89679e0  2007.0/x86_64/lib64boost1-static-devel-1.33.1-3.1mdv2007.0.x86_64.rpm 
 4b9252988703c7360d91138aa1b738b7  2007.0/SRPMS/boost-1.33.1-3.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 4e2b108f19e9e77cacd23f950a287c1a  2007.1/i586/libboost1-1.33.1-5.1mdv2007.1.i586.rpm
 953ecb0bb51516d5a860947c6ec3cca3  2007.1/i586/libboost1-devel-1.33.1-5.1mdv2007.1.i586.rpm
 cec00f6e2461c188e12248ec1085b64a  2007.1/i586/libboost1-examples-1.33.1-5.1mdv2007.1.i586.rpm
 7f3150b483155ba9ddc5ce9b9c6a24b1  2007.1/i586/libboost1-static-devel-1.33.1-5.1mdv2007.1.i586.rpm 
 0133bec4e45c53c26b59fe599b0c2ef3  2007.1/SRPMS/boost-1.33.1-5.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 55150e1ce05e3d3385815648cd4924ba  2007.1/x86_64/lib64boost1-1.33.1-5.1mdv2007.1.x86_64.rpm
 93d7474def1e122c4ddf5fab1e81dfd6  2007.1/x86_64/lib64boost1-devel-1.33.1-5.1mdv2007.1.x86_64.rpm
 59dd3438007e7d383d3cbaa1b2eacb38  2007.1/x86_64/lib64boost1-examples-1.33.1-5.1mdv2007.1.x86_64.rpm
 a213a0ee7cdc1b75fbbde6835a7295db  2007.1/x86_64/lib64boost1-static-devel-1.33.1-5.1mdv2007.1.x86_64.rpm 
 0133bec4e45c53c26b59fe599b0c2ef3  2007.1/SRPMS/boost-1.33.1-5.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 e184b23843e35d7365033cc6cb45f2dd  2008.0/i586/libboost1-1.33.1-6.1mdv2008.0.i586.rpm
 6fa2ca96cb71d8bd3e54aa2f05118017  2008.0/i586/libboost1-devel-1.33.1-6.1mdv2008.0.i586.rpm
 aa82d51548030d03ad1e86a174013333  2008.0/i586/libboost1-examples-1.33.1-6.1mdv2008.0.i586.rpm
 42d0e230fca8ac7b094f9d159e9d8758  2008.0/i586/libboost1-static-devel-1.33.1-6.1mdv2008.0.i586.rpm 
 e4b3da7cdfb5210d65c5b60556e9744e  2008.0/SRPMS/boost-1.33.1-6.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 af70bbe3671b92f97d09e845682609ca  2008.0/x86_64/lib64boost1-1.33.1-6.1mdv2008.0.x86_64.rpm
 3597c04eea3dea15c278cdb3f0bbcc8e  2008.0/x86_64/lib64boost1-devel-1.33.1-6.1mdv2008.0.x86_64.rpm
 65468c84027dbe61a43146a82a5a76e8  2008.0/x86_64/lib64boost1-examples-1.33.1-6.1mdv2008.0.x86_64.rpm
 3a6b5ed6fffb8d18358729afb1f9ebc1  2008.0/x86_64/lib64boost1-static-devel-1.33.1-6.1mdv2008.0.x86_64.rpm 
 e4b3da7cdfb5210d65c5b60556e9744e  2008.0/SRPMS/boost-1.33.1-6.1mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
 
< Prev   Next >
    
Partner:

 
Latest Features
A Secure Nagios Server
Never Installed a Firewall on Ubuntu? Try Firestarter
Review: Hacking Exposed Linux, Third Edition
Security Features of Firefox 3.0
Review: The Book of Wireless
April 2008 Open Source Tool of the Month: sudo
Open Source Tool of March: ZoneMinder
Yesterday's Edition
Linux Role in Botnets Studied
10 Mistakes New Linux Administrators Make

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
  Security Projects ,   Latest News ,  Newsletters ,  SELinux ,  Privacy ,  Home,
 Hardening ,   About Us,   Advertise,   Legal Notice,   RSS,   Guardian Digital

(c)Copyright 2008 Guardian Digital, Inc. All rights reserved.